Rule Library
Sigma Rules
4 rules found for "SolarWinds-Supply-Chain"
3,731 Total
3,132 Detection
457 Emerging
139 Hunting
Emerging Threat | high | test
UNC2452 Process Creation Patterns
Detects specific process creation patterns seen in use by UNC2452 and provided by Microsoft as Microsoft Defender ATP queries
Windows | Process Creation
Florian Roth (Nextron Systems) | Fri Jan 22 | 2020
Emerging Threat | critical | test
UNC2452 PowerShell Pattern
Detects a specific PowerShell command line pattern used by the UNC2452 actors as mentioned in Microsoft and Symantec reports
Windows | Process Creation
Florian Roth (Nextron Systems) | Wed Jan 20 | 2020
Emerging Threat | high | test
Suspicious VBScript UN2452 Pattern
Detects suspicious inline VBScript keywords as used by UNC2452
Windows | Process Creation
Florian Roth (Nextron Systems) | Fri Mar 05 | 2020
Emerging Threat | critical | test
Solarwinds SUPERNOVA Webshell Access
Detects access to SUPERNOVA webshell as described in Guidepoint report
Web Server Log
Florian Roth (Nextron Systems) | Thu Dec 17 | 2020